Deploy VMs into Custom OU via Guest Customization

By default, with ‘Full Virtual Machines’ or ‘Linked Clones’ without QuickPrep, there is no built-in way to place new virtual desktops created with VMware View into an Organization Unit other than the default Computers location. This technically applies to any VM deployed via cloning, etc. with Guest Customization as well, but this issue arose with VMware View since it’s a lot of machines at once which makes pre-creating the objects kind of painful.

With Quickprep/Linked Clones, the Pool can be configured to whatever OU is needed for the desktops. With Sysprep, it’s necessary to utilize a Guest Customization template that don’t allow for specification of the OU. Guest Customizations do allow for “Custom Sysprep Answer Files,” but these will not inherit the virtual machine name, or at least I did not find an easy way to get them to do so.

So, the following is an alternative method to have the Guest Customization to not directly join the domain, but instead use a RunOnce script and the ‘netdom’ command:

  1. Place a script on the Parent VM named “SetupComplete.cmd”. Place this in C:\WINDOWS\Setup\Scripts\, for example. It should contain the commands below modified to fit the environment. Also, lock down the script with NTFS permissions.
  2. Create a Guest Customization that does not join the VM to the domain. Also, place “C:\WINDOWS\Setup\Scripts\SetupComplete.cmd” into the RunOnce section. Name it something like WinXP-NoDomain.
  3. Setup the Pool to use the WinXP-NoDomain Guest Customization.

net start workstation
“C:\Program Files\Support Tools\netdom.exe” join %COMPUTERNAME% /domain:eeg3.lab /ou:”OU=CustomOU,OU=vDesktops,DC=eeg3,DC=lab” /userd:EEG3\ser_sysprep /passwordd:p4ssw0rd /reboot”
del C:\WINDOWS\Scripts\Setup\SetupComplete.cmd

The command starting the workstation service is necessary because it ensures that service is started which is necessary for netdom to succeed. Without that commands, the service may be too slow to start and the netdom command will fail silently and the desktop will sit there not on the domain. The delete command is to remove the script from the machine after it’s ran, since the password is stored within this script. Once ran, the machine will do a final reboot and be ready for usage.

Written by

Customer Engineer, @GoogleCloud | Mobility, Cloud, and Random Technology | Posts are mine and don’t represent my company.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store